package com.mdxx.shiro.web;

import com.mdxx.component.GlobalParams;
import com.mdxx.component.ServerParams;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;

import static org.apache.logging.log4j.message.MapMessage.MapFormat.JSON;

/**
 * Created by MD-1 on 2017/8/1.
 */
@Controller
public class BaseController {
    @Resource
    private GlobalParams globalParams;

    @Resource
    private ServerParams serverParams;

    @RequestMapping("/")
    public String index(HttpServletRequest request){
        return "/login";
    }

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String loginPage(HttpServletRequest request){
        System.out.println("loginPage*************");
        return "/login";
    }

    @RequestMapping("/main")
    public String main(){
        System.out.println(serverParams.getDeptName());
        System.out.println(globalParams.getRedis().getHost());
        Subject subject = SecurityUtils.getSubject();
        boolean memberPage = subject.isPermitted("member:add");
        System.out.println("member:add:"+memberPage);
        return "/main";
    }

    @RequestMapping(value = "/login",method = RequestMethod.POST)
    public String login(String username, String password,HttpServletRequest request){
        System.out.println("login*************"+username+password);
        UsernamePasswordToken token = new UsernamePasswordToken(username, password,request.getRemoteAddr());
        String msg = null;
        Subject subject = SecurityUtils.getSubject();

        try {
            subject.login(token);

        } catch (AuthenticationException | UnknownSessionException e) {
            if (e instanceof UnknownAccountException) {
                msg = "未知账户！";
            } else if (e instanceof LockedAccountException) {
                msg = "账户已锁定！";
            } else if (e instanceof IncorrectCredentialsException) {
                msg = "密码不正确！";
            } else if (e instanceof ExcessiveAttemptsException) {
                msg = "用户名或密码错误超过5次,请5分钟后重试";
            } else if (e instanceof ConcurrentAccessException) {
                msg = "用户已登录！";
            } else if (e instanceof AccountException) {
                msg = "未知帐号错误或用户状态异常！";
            } else if (e instanceof AuthenticationException) {
                msg = "认证失败！";
            } else if (e instanceof UnknownSessionException){
                msg = "无效的session";
            }
            if (StringUtils.isEmpty(msg)) {
                msg = "用户名密码错误！";
            }
        }

        if(!StringUtils.isEmpty(msg)){
            System.out.println(msg);
            request.getSession().setAttribute("errorMsg",msg);
            return "redirect:/login";
        }else{
            System.out.println("登录成功");
            subject.getSession().setAttribute("name","admin");
            return "redirect:/main";
        }


    }

    @RequestMapping("/403")
    public String error403(){
        return "/403";
    }

    @RequestMapping("/404")
    public String error404(){
        return "/404";
    }

    @RequestMapping("/test")
    @ResponseBody
    public String test(HttpServletRequest request){
        return "test";
    }
}
